Identifying and Mitigating Phishing Attack Threats in IoT Use Cases Using a Threat Modelling Approach
Internet of things (IoT) is a technology that enables our daily life objects to connect on the Internet and to send and receive data for a meaningful purpose. In recent years, IoT has led to many revolutions in almost every sector of our society. Nevertheless, security threats to IoT devices and net...
| Main Authors: | , , , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2021-07-01
|
| Series: | Sensors |
| Subjects: | |
| Online Access: | https://www.mdpi.com/1424-8220/21/14/4816 |
| id |
doaj-08a50a2b79ac48a4ba024f923067ed36 |
|---|---|
| record_format |
Article |
| spelling |
doaj-08a50a2b79ac48a4ba024f923067ed362021-07-23T14:05:51ZengMDPI AGSensors1424-82202021-07-01214816481610.3390/s21144816Identifying and Mitigating Phishing Attack Threats in IoT Use Cases Using a Threat Modelling ApproachSyed Ghazanfar Abbas0Ivan Vaccari1Faisal Hussain2Shahzaib Zahid3Ubaid Ullah Fayyaz4Ghalib A. Shah5Taimur Bakhshi6Enrico Cambiaso7Al-Khwarizmi Institute of Computer Science (KICS), University of Engineering & Technology (UET), Lahore 54890, PakistanConsiglio Nazionale delle Ricerche (CNR), IEIIT Institute, 16149 Genoa, ItalyAl-Khwarizmi Institute of Computer Science (KICS), University of Engineering & Technology (UET), Lahore 54890, PakistanAl-Khwarizmi Institute of Computer Science (KICS), University of Engineering & Technology (UET), Lahore 54890, PakistanAl-Khwarizmi Institute of Computer Science (KICS), University of Engineering & Technology (UET), Lahore 54890, PakistanAl-Khwarizmi Institute of Computer Science (KICS), University of Engineering & Technology (UET), Lahore 54890, PakistanDepartment of Computer Science, National University of Computer and Emerging Sciences, Lahore 54000, PakistanConsiglio Nazionale delle Ricerche (CNR), IEIIT Institute, 16149 Genoa, ItalyInternet of things (IoT) is a technology that enables our daily life objects to connect on the Internet and to send and receive data for a meaningful purpose. In recent years, IoT has led to many revolutions in almost every sector of our society. Nevertheless, security threats to IoT devices and networks are relentlessly disruptive, because of the proliferation of Internet technologies. Phishing is one of the most prevalent threats to all Internet users, in which attackers aim to fraudulently extract sensitive information of a user or system, using fictitious emails, websites, etc. With the rapid increase in IoT devices, attackers are targeting IoT devices such as security cameras, smart cars, etc., and perpetrating phishing attacks to gain control over such vulnerable devices for malicious purposes. In recent decades, such scams have been spreading, and they have become increasingly advanced over time. By following this trend, in this paper, we propose a threat modelling approach to identify and mitigate the cyber-threats that can cause phishing attacks. We considered two significant IoT use cases, i.e., smart autonomous vehicular system and smart home. The proposed work is carried out by applying the STRIDE threat modelling approach to both use cases, to disclose all the potential threats that may cause a phishing attack. The proposed threat modelling approach can support the IoT researchers, engineers, and IoT cyber-security policymakers in securing and protecting the potential threats in IoT devices and systems in the early design stages, to ensure the secure deployment of IoT devices in critical infrastructures.https://www.mdpi.com/1424-8220/21/14/4816internet of thingsmitigationthreat modelingcyber-threatsphishingsmart autonomous vehicular system |
| collection |
DOAJ |
| language |
English |
| format |
Article |
| sources |
DOAJ |
| author |
Syed Ghazanfar Abbas Ivan Vaccari Faisal Hussain Shahzaib Zahid Ubaid Ullah Fayyaz Ghalib A. Shah Taimur Bakhshi Enrico Cambiaso |
| spellingShingle |
Syed Ghazanfar Abbas Ivan Vaccari Faisal Hussain Shahzaib Zahid Ubaid Ullah Fayyaz Ghalib A. Shah Taimur Bakhshi Enrico Cambiaso Identifying and Mitigating Phishing Attack Threats in IoT Use Cases Using a Threat Modelling Approach Sensors internet of things mitigation threat modeling cyber-threats phishing smart autonomous vehicular system |
| author_facet |
Syed Ghazanfar Abbas Ivan Vaccari Faisal Hussain Shahzaib Zahid Ubaid Ullah Fayyaz Ghalib A. Shah Taimur Bakhshi Enrico Cambiaso |
| author_sort |
Syed Ghazanfar Abbas |
| title |
Identifying and Mitigating Phishing Attack Threats in IoT Use Cases Using a Threat Modelling Approach |
| title_short |
Identifying and Mitigating Phishing Attack Threats in IoT Use Cases Using a Threat Modelling Approach |
| title_full |
Identifying and Mitigating Phishing Attack Threats in IoT Use Cases Using a Threat Modelling Approach |
| title_fullStr |
Identifying and Mitigating Phishing Attack Threats in IoT Use Cases Using a Threat Modelling Approach |
| title_full_unstemmed |
Identifying and Mitigating Phishing Attack Threats in IoT Use Cases Using a Threat Modelling Approach |
| title_sort |
identifying and mitigating phishing attack threats in iot use cases using a threat modelling approach |
| publisher |
MDPI AG |
| series |
Sensors |
| issn |
1424-8220 |
| publishDate |
2021-07-01 |
| description |
Internet of things (IoT) is a technology that enables our daily life objects to connect on the Internet and to send and receive data for a meaningful purpose. In recent years, IoT has led to many revolutions in almost every sector of our society. Nevertheless, security threats to IoT devices and networks are relentlessly disruptive, because of the proliferation of Internet technologies. Phishing is one of the most prevalent threats to all Internet users, in which attackers aim to fraudulently extract sensitive information of a user or system, using fictitious emails, websites, etc. With the rapid increase in IoT devices, attackers are targeting IoT devices such as security cameras, smart cars, etc., and perpetrating phishing attacks to gain control over such vulnerable devices for malicious purposes. In recent decades, such scams have been spreading, and they have become increasingly advanced over time. By following this trend, in this paper, we propose a threat modelling approach to identify and mitigate the cyber-threats that can cause phishing attacks. We considered two significant IoT use cases, i.e., smart autonomous vehicular system and smart home. The proposed work is carried out by applying the STRIDE threat modelling approach to both use cases, to disclose all the potential threats that may cause a phishing attack. The proposed threat modelling approach can support the IoT researchers, engineers, and IoT cyber-security policymakers in securing and protecting the potential threats in IoT devices and systems in the early design stages, to ensure the secure deployment of IoT devices in critical infrastructures. |
| topic |
internet of things mitigation threat modeling cyber-threats phishing smart autonomous vehicular system |
| url |
https://www.mdpi.com/1424-8220/21/14/4816 |
| work_keys_str_mv |
AT syedghazanfarabbas identifyingandmitigatingphishingattackthreatsiniotusecasesusingathreatmodellingapproach AT ivanvaccari identifyingandmitigatingphishingattackthreatsiniotusecasesusingathreatmodellingapproach AT faisalhussain identifyingandmitigatingphishingattackthreatsiniotusecasesusingathreatmodellingapproach AT shahzaibzahid identifyingandmitigatingphishingattackthreatsiniotusecasesusingathreatmodellingapproach AT ubaidullahfayyaz identifyingandmitigatingphishingattackthreatsiniotusecasesusingathreatmodellingapproach AT ghalibashah identifyingandmitigatingphishingattackthreatsiniotusecasesusingathreatmodellingapproach AT taimurbakhshi identifyingandmitigatingphishingattackthreatsiniotusecasesusingathreatmodellingapproach AT enricocambiaso identifyingandmitigatingphishingattackthreatsiniotusecasesusingathreatmodellingapproach |
| _version_ |
1721285942279405568 |